I have around $1700AUD of credit with Luxury Escapes and tried to book a stay ($799AUD) at LE online today. Received a message saying I needed to call LE (they're an online travel agent - calling them I felt like I was back in the 80's). After talking with the LE support staff in Australia (friendly) and UK (quite rude and unhelpful), it appears your process for "fraud protection" requires me to provide my passport or drivers licence image to a generic support email account that I can only guess a multitude of people have access to. Obviously this isn't happening. I would like to think that Optus, Medibank and the rest of the PII breaches taught Australian companies something but it seems it hasn't taught LE a thing. LE are therefore holding my $1700 until I email them my sensitive information. I have no knowledge of, or confidence in, how LE will handle my data. There are far better ways of protecting your organisation, and your customers from fraud. The LE process currently is effectively saying "we dont trust our customers, but we expect them to trust us".